The salt won't protect against poor passwords (common passwords and dictionary words), but it will help relatively good passwords stay secure in the face of ever-expanding collections of rainbow tables. For example, there is a 5GB table currently available from freerainbowtables.com that allows you to look up the plain text for any MD5 hash of a string up to 6 characters, including a relatively good password like "F8% z5". Eventually they will expand to 7 characters, then 8... Adding salt makes a rainbow table attack much less practical. I would expect that even a 16-bit random salt would require a rainbow table to be 65,000 times as large.

If you don't want to give your customers a heart attack: add plenty of salt.
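The following is an added example, not part of the comment above or of any project it mentions. It builds a tiny constructed stand-in for a precomputed hash-to-plaintext table (a few unsalted MD5 entries instead of a multi-gigabyte file), shows that such a table reverses an unsalted MD5 digest of "F8% z5" but cannot match a salted digest, and computes the table-size multiplier a salt implies (a 16-bit salt gives 2^16 = 65,536 variants, which the comment rounds to 65,000). For the salted path it assumes PBKDF2-HMAC-SHA256 from the Python standard library rather than plain MD5, which is what a defender would deploy today; the choice of 16-byte salts and 100,000 iterations is this example's own, not something the comment specifies.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed lookup table that maps unsalted MD5
# digests back to plaintext. It stands in for the large tables described above;
# the entries are generated here so the script runs offline.
SAMPLE_PASSWORDS = ["123456", "password", "F8% z5", "letmein"]
UNSALTED_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in SAMPLE_PASSWORDS}

ITERATIONS = 100_000  # example's own choice, not from the comment
SALT_BYTES = 16       # 128-bit random salt, per-user


def lookup_unsalted(digest_hex):
    """Reverse a digest via the precomputed table; None when there is no entry."""
    return UNSALTED_TABLE.get(digest_hex)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest) for a password using PBKDF2-HMAC-SHA256.

    A fresh random salt is generated per call unless one is supplied, so two
    users with the same password get different stored digests.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, expected_digest, iterations=ITERATIONS):
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected_digest)


def same_password_distinct_digests(password):
    """True when two independent salted hashes of one password differ."""
    _, d1 = hash_password(password)
    _, d2 = hash_password(password)
    return d1 != d2


def table_size_multiplier(salt_bits):
    """Factor by which a precomputed table must grow to cover every salt value."""
    return 2 ** salt_bits


def demo(password="F8% z5"):
    """Contrast an unsalted-table hit with a salted digest that the table misses."""
    unsalted_hit = lookup_unsalted(hashlib.md5(password.encode()).hexdigest())
    salt, digest = hash_password(password)
    salted_hit = lookup_unsalted(digest.hex())
    return {
        "unsalted_lookup": unsalted_hit,            # "F8% z5": table reverses it
        "salted_lookup": salted_hit,                # None: salt defeats the table
        "verify_ok": verify_password(password, salt, digest),
        "multiplier_16_bit_salt": table_size_multiplier(16),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored record for a user is the pair (salt, digest); the salt is not secret, only unpredictable and unique per user, so it can sit next to the digest in the database.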

Posted by samzenpus on Monday August 23, 2010 @12:37PM from the my-mama-no-raise-no-dummies-I-dug-her-rap dept.

In addition to helping decipher their Lil Wayne albums, the Justice Department is seeking Ebonics experts to help monitor, translate and transcribe wiretapped conversations. The DEA wants to fill nine full time positions. From the article: "A maximum of nine Ebonics experts will work with the Drug Enforcement Administration's Atlanta field division, where the linguists, after obtaining a 'DEA Sensitive' security clearance, will help investigators decipher the results of 'telephonic monitoring of court ordered nonconsensual intercepts, consensual listening devices, and other media.'"

Posted by samzenpus on Friday February 19, 2010 @01:23PM from the they-were-right-here-a-second-ago dept.

In a screw-up so big it could only be brought to you by the government or a famous athlete, 243 guns were lost by Homeland Security agencies between 2006 and 2008. 179 guns were lost "because officers did not properly secure them," an inspector general report said. One of the worst examples of carelessness cites a customs officer who left a firearm in an idling vehicle in the parking lot of a convenience store. The vehicle was stolen while the officer was inside. "A local law enforcement officer later recovered the firearm from a suspected gang member and drug smuggler," the report said.

Posted by timothy on Wednesday February 17, 2010 @01:59PM from the dog-ate-it dept.

markass530 writes "An iPhone insurance carrier says that four in six claims are suspicious, and that it is worse when a new model appears on the market. 'Supercover Insurance is alleging that many iPhone owners are deliberately smashing their devices and filing false claims in order to upgrade to the latest model. The gadget insurance company told Sky News Sunday that it saw a 50-percent rise in claims during the month Apple launched the latest version, the iPhone 3GS.'"

gandhi_2 writes: The Guardian has a story about an ongoing legal battle over the use of full body scanners in the UK. The Protection of Children Act 1978 includes provisions under which it is illegal to create an indecent image or a "pseudo-image" of a child... which a full body scanner does.

Posted by samzenpus on Wednesday November 25, 2009 @12:32PM from the a-jetwing-and-a-prayer dept.

Last year we ran the story of Yves Rossy and his DIY jetwings. Yves spent $190,000 and countless hours building a set of jet-powered wings which he used to cross the English Channel. Rossy's next goal is to cross the Strait of Gibraltar, from Tangier in Morocco to Tarifa on the southwestern tip of Spain. From the article: "Using a four-cylinder jet pack and carbon fibre wings spanning over 8ft, he will jump out of a plane at 6,500 ft and cruise at 130 mph until he reaches the Spanish coast, when he will parachute to earth." Update 18:57 GMT: mytrip writes: "Yves Rossy took off from Tangiers but five minutes into an expected 15-minute flight he was obliged to ditch into the wind-swept waters."

I like the auction idea. Not all TLDs are of equal value. Perhaps instead of a fixed price there should be a fixed minimum bid to cover costs and an auction of, say, 90 days to see who is willing to pay the most for the rights to control the new TLD. That should bring in enough revenue that the minimum bid could be brought down to a range that some smaller organizations could afford, like $1000.

Perhaps there should be an annual maintenance fee. How about 1% of the purchase price? If the fee is not paid the domain is re-auctioned to a new owner. I foresee problems with the new owner raising rates on sub-domain owners, either to milk them or to drive them away so the sub-domains can be re-sold... Not sure if/how I would propose controlling that.